[ https://issues.apache.org/jira/browse/CXF-2654?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]

David Valeri updated CXF-2654:
------------------------------

    Attachment: cxf-2654.patch

Attaching patch along with updated test case.

After digging through the code a bit more, it would seem that the running list 
of found elements for encryption/signature should likely be inspected at any 
time that additional elements are added to the list to be signed or encrypted.  
There are a number of scenarios such as those involving supporting tokens or 
token protection where the CXF code adds additional elements to these lists but 
the signed/enc parts logic does not provide a means to check if the element was 
already added and vice versa.  While not an immediate issue, issues such as 
CXF-2656 have the potential of moving the order in which the signed/enc parts 
assertions are applied and subsequently introducing a need to perform this 
comprehensive checking.  For this reason, the patch incorporates new methods 
that are amenable to the introduction of such checking.

> Outbound handling of WS-SP Signed/Encrypted/ContentEncrypted Parts and 
> Elements policies incorrect
> --------------------------------------------------------------------------------------------------
>
>                 Key: CXF-2654
>                 URL: https://issues.apache.org/jira/browse/CXF-2654
>             Project: CXF
>          Issue Type: Bug
>          Components: WS-* Components
>    Affects Versions: 2.3
>            Reporter: David Valeri
>         Attachments: CXF-2654-test.patch, cxf-2654.patch
>
>
> If using policy assertions dictating signed/enc parts, and you specify a 
> namespace and name attribute, only the first instance of that part is signed.
> If using policy assertions dictating signed elements, only the first instance 
> of a matching element is signed.
> If using policy assertions dictating signed/enc parts with only a namespace 
> and no name attribute, AbstractBindingBuilder causes an infinite loop.

-- 
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.
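
The behaviour the comment and issue description ask for, as an added sketch that is not CXF code and not taken from the attached patch: every header matching a part's namespace (and name, when one is given) is collected, and a running identity set keeps an element from being queued twice. The class and method names are hypothetical and the SOAP message is constructed.

```java
import java.io.ByteArrayInputStream;
import java.nio.charset.StandardCharsets;
import java.util.*;
import javax.xml.parsers.DocumentBuilderFactory;
import org.w3c.dom.*;

public class SignedPartsCollector {
    // Running list of elements already selected for signing or encryption.
    // Identity-based, so two distinct headers with the same QName are both kept.
    private final Set<Element> found = Collections.newSetFromMap(new IdentityHashMap<>());

    /** Queues every matching header child; returns how many were not already queued. */
    int addMatchingHeaders(Element header, String ns, String name) {
        int added = 0;
        // A sibling walk visits each child once, so it terminates even when name is null.
        for (Node n = header.getFirstChild(); n != null; n = n.getNextSibling()) {
            if (n.getNodeType() != Node.ELEMENT_NODE) continue;
            Element e = (Element) n;
            boolean nsOk = ns.equals(e.getNamespaceURI());
            boolean nameOk = name == null || name.equals(e.getLocalName()); // null name = whole namespace
            if (nsOk && nameOk && found.add(e)) added++; // found.add is false for an element already queued
        }
        return added;
    }

    public static void main(String[] args) throws Exception {
        String soapNs = "http://schemas.xmlsoap.org/soap/envelope/";
        // Constructed sample: two headers with the same QName plus one other header in that namespace.
        String xml = "<soap:Envelope xmlns:soap='" + soapNs + "' xmlns:a='urn:example:a'>"
            + "<soap:Header><a:Id>1</a:Id><a:Id>2</a:Id><a:Other/></soap:Header>"
            + "<soap:Body/></soap:Envelope>";
        DocumentBuilderFactory f = DocumentBuilderFactory.newInstance();
        f.setNamespaceAware(true);
        f.setFeature("http://apache.org/xml/features/disallow-doctype-decl", true);
        Document d = f.newDocumentBuilder()
            .parse(new ByteArrayInputStream(xml.getBytes(StandardCharsets.UTF_8)));
        Element header = (Element) d.getElementsByTagNameNS(soapNs, "Header").item(0);

        SignedPartsCollector c = new SignedPartsCollector();
        // Namespace and name: every a:Id header is queued, not only the first.
        System.out.println("new for a:Id -> " + c.addMatchingHeaders(header, "urn:example:a", "Id"));
        // Namespace only: the a:Id headers are already queued, so only a:Other is new.
        System.out.println("new for a:*  -> " + c.addMatchingHeaders(header, "urn:example:a", null));
    }
}
```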
